package com.luoc.base.config.shiro;


import com.luoc.base.config.mybatis.entity.SysUser;
import com.luoc.base.config.mybatis.entity.SysUserRole;
import com.luoc.base.config.mybatis.mapper.SysRoleResourcesMapper;
import com.luoc.base.config.mybatis.mapper.SysUserMapper;
import com.luoc.base.config.mybatis.mapper.SysUserRoleMapper;
import com.luoc.base.config.mybatis.service.ISysResourcesService;
import com.luoc.base.config.mybatis.service.ISysUserRoleService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;


import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/**
 * @Author: luoc
 * @Date: 2019/7/4 17:56
 * 获取权限范围的类
 */


public class MyShiroRealm extends AuthorizingRealm {

    @Autowired
    private SysUserRoleMapper sysUserRoleMapper;

    @Autowired
    private SysRoleResourcesMapper sysRoleResourcesMapper;

    @Autowired
    private SysUserMapper sysUserMapper;

    @Autowired
    private ISysResourcesService sysResourcesService;

    @Autowired
    private ISysUserRoleService sysUserRoleService;

    /**
     * 授权用户权限
     *
     * @param principalCollection
     * @return
     */
    @Override
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // 获取用户
        String userName = (String) SecurityUtils.getSubject().getPrincipal();
        if (userName != null) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

            //角色集合
            Collection<String> rolesCollection = new HashSet<>();
            //权限集合
            Collection<String> premissionCollection = new HashSet<>();

            List<SysUserRole> roleIds = sysUserRoleService.selectRoleIdsByUserId(userName);
            for (SysUserRole role : roleIds) {
                rolesCollection.add(role.getRoleId().toString());
                List<Map<String, Object>> roleResources = sysRoleResourcesMapper.selectResourceIdByRoleId(role.getRoleId());
                for (Map<String, Object> map : roleResources) {
                    premissionCollection.add((String) map.get("resUrl"));
                }
                info.addStringPermissions(premissionCollection);
            }
            info.addRoles(rolesCollection);
            return info;
        }
        return null;
    }

    /**
     * 验证用户身份
     *
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        String userName = token.getUsername();
        SysUser sysUser = sysUserMapper.findByName(userName);

        if (sysUser == null) {
            throw new UnknownAccountException();
        }

        ByteSource credentialsSalt = ByteSource.Util.bytes(sysUser.getUserName());
        return new SimpleAuthenticationInfo(sysUser.getUserName(), sysUser.getPassWord(), credentialsSalt, getName());
    }
}
